A new ransomware tapped an NSA exploit to wreak some of its havoc
New week, new ransomware.
A new form of ransomware surfaced in Russia, Ukraine and elsewhere this week. Known as Bad Rabbit, it's employed a leaked NSA exploit to do some of its damage.
Ransomware works by freezing up a computer in an attempt to force the user to pay a fee if they want their machine to be normal again.
The trick for hackers, of course, is how to get the malicious agent onto machines in the first place.
Bad Rabbit does this in a few steps. Here's how the cybersecurity firm Symantec described it in a post analyzing the ransomware:
"The initial infection method is through drive-by downloads on compromised websites. The malware is disguised as a fake update to Adobe Flash Player. The download originates from a domain named 1dnscontrol[dot]com, although visitors may have been redirected there from another compromised website."
After the malware's been installed, according to cybersecurity firm Cisco Talos, "there is an SMB component used for lateral movement and further infection."
SMB refers to Server Message Block, which is a means by which networked Windows machines share information. Bad Rabbit attacks SMB in several ways, according to Symantec, looking to spread to other vulnerable Windows machines in the same network as the computer on which it was first installed. One of the ways is through an SMB exploit known as EternalRomance, according to Talos and Symantec.
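The two stages described above (a fake Flash update fetched from the named domain, then SMB fan-out inside the network) are what a defender would look for in proxy and flow logs. The script below is an added example, not code from Symantec, Talos or the article; the log formats, IP addresses and file names are constructed, and the only real indicator is the domain quoted above.

```python
"""Toy detection for the two Bad Rabbit stages described above:
1. drive-by download of a fake Flash Player update from 1dnscontrol[dot]com
2. SMB (TCP/445) fan-out from one internal host to many others (lateral movement)
Log formats, hosts and file names are constructed for this example."""
import re
from collections import defaultdict

# Indicator quoted in the Symantec analysis (defanged in the article).
DROPPER_DOMAIN = "1dnscontrol.com"

# Constructed proxy log lines: "<time> <src_ip> <method> <url>"
PROXY_LOG = """\
09:01:02 10.0.0.12 GET http://news.example/index.html
09:01:05 10.0.0.12 GET http://1dnscontrol.com/flash_install.php
09:01:06 10.0.0.12 GET http://1dnscontrol.com/install_flash_player.exe
09:02:10 10.0.0.30 GET http://intranet.example/portal
"""

# Constructed firewall/netflow lines: "<time> <src_ip> <dst_ip> <dst_port>"
FLOW_LOG = """\
09:03:00 10.0.0.12 10.0.0.13 445
09:03:00 10.0.0.12 10.0.0.14 445
09:03:01 10.0.0.12 10.0.0.15 445
09:03:01 10.0.0.12 10.0.0.16 445
09:03:05 10.0.0.30 10.0.0.5 445
"""

FAKE_FLASH = re.compile(r"flash", re.IGNORECASE)


def find_fake_flash_downloads(log: str) -> list[tuple[str, str]]:
    """Return (src_ip, url) for requests to the dropper domain that pose as a Flash update."""
    hits = []
    for line in log.splitlines():
        _, src, _, url = line.split(maxsplit=3)
        host = url.split("//", 1)[-1].split("/", 1)[0]
        if host == DROPPER_DOMAIN and FAKE_FLASH.search(url):
            hits.append((src, url))
    return hits


def find_smb_fanout(log: str, threshold: int = 3) -> dict[str, int]:
    """Return {src_ip: distinct SMB peers} for sources that reached >= threshold hosts on 445.
    A workstation talking SMB to many peers in seconds is the lateral-movement pattern."""
    peers = defaultdict(set)
    for line in log.splitlines():
        _, src, dst, port = line.split()
        if port == "445":
            peers[src].add(dst)
    return {src: len(d) for src, d in peers.items() if len(d) >= threshold}
```

In practice the fan-out threshold is tuned against a baseline of normal SMB activity so file servers and admin hosts do not trip it.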
This takes us back to April, when a group of hackers known as the Shadow Brokers dumped a trove of NSA exploits on the internet for anyone to use, assuming they have the knowledge required. Those exploits pertained to computers running Windows, putting millions of Windows users at risk of ransomware broadsides. Microsoft had actually released patches addressing this and other exploits in March, but folks have to update their computers in order for those patches to take effect, and people looking to use this ransomware surely know that many folks simply never hit update (if you're running Windows and reading this, make sure to patch up your system if you haven't already).
"The distribution of BadRabbit was massive," a threat intelligence expert at the cybersecurity firm Group-IB wrote on the company's website, though he noted that the distribution resulted in "much fewer victims" than another recent ransomware attack. The "primary" victims of the attack included "several Ukrainian strategic enterprises" including Odessa International Airport and the metro in Kiev, as well as "federal mass media" in Russia.
Wrapping up its Bad Rabbit analysis, Talos concluded that the world can expect more fast-spreading attacks that strike quickly and are designed "to inflict maximum damage."
"Ransomware is the threat of choice for both its monetary gain as well as destructive nature," they wrote. "As long as there is money to be made or destruction to be had these threats are going to continue."